16 minute read
STUDENT IN SECURITY SPOTLIGHT
ELIZABETH AIDI KAMAU
Elizabeth Aidi Kamau was born and grew up in Nairobi, Kenya. Today she lives in Perth where she is in the second year of study for a bachelor’s degree in cybersecurity at Edith Cowan University.
Bachelor of Cybersecurity Student, Edith Cowan University
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I am studying cybersecurity whose role I believe is to protect individuals’ and organisations’ data, networks, systems and devices. I am an ‘online police officer’ who finds and catches bad guys on the internet in a fun and exciting way. It’s like being Batman in Gotham city where the city is the internet in which we find and catch the bad guys to protect the city.
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
I thought it would be more technical and difficult to study. My experience now is that it requires much greater attention to detail than simply being good at maths. You need to keep up with the latest technology as well as learn advanced persistent threat patterns.
What cybersecurity role would most like to be hired into when you graduate, and why?
I would love to join a blue team as either a security analyst or security system administrator. I also find being a security consultant interesting. However, that is something I would have to work towards. This is mainly because I love working one-on-one with people and working in teams rather than the normal stereotype of a tech guru working individually. I understand and enjoy working with the tools we use to analyse data and I have been having an exciting time learning to use them.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
So far, I think only my high school principal has been against my decision, because it is not a common career choice back home. My parents have been my biggest supporters all along, and my mentors have been very encouraging and supportive as well.
Who, or what, would you say has had the biggest influence on your cybersecurity career journey to date, and why?
One of my early mentors who I met while in my second year of high school.
What do you see has having been the most memorable and/or significant event in your cybersecurity journey to date, and why?
Working with Dr Michelle Ellis [Outreach and engagement co-ordinator in the School of Science at ECU] on various workshops, and having an amazing interaction with some high school students. Also taking part in competitions such as the incident response competitions hosted by Woodside and Retrospect Labs was quite memorable.
What aspect of your studies excites you the most?
What excites me most is when I think I know something only to discover I do not. There are so many changes in this dynamic industry. There is always something new to learn.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
My initial challenge, which I am sure many international students experience, was a change of environment and trying to quickly adapt to a different system. I was previously accustomed to sitting exams and finals at the end of the semester, which has not been the case here. However, my university has been extremely understanding and supportive throughout my whole learning experience.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
Oh yes, I do see a need for, and I want to gain, non-cyber skills. I previously completed a green-tech program with the Future Females Business School [an accelerator for female entrepreneurs and aspiring business owners] on how to run a sustainable and environment-friendly business. This gave me an understanding of how to start and run a business and a perspective on why it is important to keep that business cyber-safe. I am also taking a short online course on project management with Coursera. I also took part in public speaking and interpersonal communications training offered by Strathmore University back in 2018.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
Yes, I am. I love to network and listening to other people’s views and experiences. I am part of Australian Women in Security as well as Second Thursday of the Month, to which I was introduced by Raymond Schippers [Perth based blue team lead at Canva]. I also take part in the Girls Programming Network with Dr Michelle Ellis’ help and guidance. With every chance I get, I attend the Student of Cyber events, which enable me to learn from and get to know people outside my university cohort.
Have you already sought employment in cybersecurity, if so, what has been your experience of applications/ interviews?
I have been applying but I have yet to be offered an interview. I am looking forward to volunteering in any institution to gain some experience.
www.linkedin.com/in/beth-kamau
Solange Fecci grew up in Chile and now lives in Adelaide where she is studying to be software engineer at 42 Adelaide and studying cybersecurity program development at La Trobe University. 42 Adelaide is a not-for-profit programming school that opened in 2021 to provide tuition-free coding in a self-driven and peer-dependent environment. It is backed by funding from the SA Government, SA business LoftusIT and multiple industry partners.
Software Engineering Student at 42 Adelaide
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
I would explain to them that cybersecurity is an exciting and rapidly growing field that is essential to protecting businesses and individuals from cyber attacks. I would tell them that cybersecurity professionals are in high demand as the number of cyber threats continues to increase. I would also mention that a career in cybersecurity offers a variety of opportunities such as incident response, penetration testing or threat intelligence and that it allows people to specialise in different areas that interest them. Additionally, I would highlight the potential for professional growth and development, and for high earning levels.
What cybersecurity role would you most like to be hired into when you graduate, and why?
I am most interested in an incident response role that allows me to use my technical skills to quickly identify and mitigate cyber threats, as well as to develop incident response plans to prevent future incidents. I am particularly drawn to roles that focus on forensic analysis because I believe understanding the full extent of a cyber attack is crucial for developing effective incident response plans.
I am also interested in roles that involve working with a team of incident response experts because I believe collaboration and knowledge sharing to be essential for quickly identifying and mitigating cyber threats. Additionally, I would like to work in a company that encourages continuous learning and professional development because I believe staying up-to-date with the latest tools, techniques and best practices is essential for success in this field.
Overall, I am eager to be part of a team that makes a real impact in protecting organisations and individuals from cyber threats and I am confident my technical skills and passion for incident response will make me an asset in any role I pursue.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
When I first decided to pursue a career in cybersecurity I was met with a positive reaction from my family members and I am thrilled to have found like-minded individuals at 42 Adelaide who share my interest in cybersecurity. Building a community and connecting with others in the field are crucial when pursuing a career in cybersecurity, because they enable the exchange of valuable information and resources.
Who, or what would you say has had the biggest influence on your cybersecurity career journey to date, and why?
I have been greatly influenced by the leadership and accomplishments of women like Wye Ping Lee [Skilled Service Hub Cybersecurity lead at PwC Australia]. Having the opportunity to meet her at a conference at PWC and learn from her experiences was a truly enlightening experience. She is a shining example of the impact that one person can have in the field of cybersecurity.
Furthermore, I have been greatly inspired by the work of outstanding women in cybersecurity in Australia, particularly by Teresa Janowski [founder and CEO of STEM Fast Track.] Her dedication to encouraging female students to enter the STEM professions through STEM Fast Track is truly admirable. Overall, I am grateful to have had the opportunity to meet and learn from Teresa and hope to follow her in making a positive impact in cybersecurity.
What do you see has having been the most memorable and/or significant event in your cybersecurity journey to date, and why?
The most memorable cybersecurity event I have attended so far was the cyber conference organised by AISA in Adelaide in August 2022. It was an amazing experience, filled with important and interesting speakers, and I had the opportunity to learn about various Australia and South Australiabased cybersecurity companies and the focus of their work.
The cybersecurity industry abounds with certifications from multiple organisations. Have you gained, or do you plan to gain any of these, if so which ones, and why?
As a student with an interest in cybersecurity I understand the importance of gaining certifications in the field. In addition to my studies at 42 Adelaide, I have completed cybersecurity certifications from Cisco and from La Trobe University. The certification I gained from La Trobe was in cybersecurity program development. That course taught me how to develop a roadmap for effective security management practices and controls.
In terms of future certifications, I am planning to start a course related to cybersecurity incident management at the Australian Cyber Collaboration Centre. I believe this course will be beneficial because it will provide me with the knowledge and skills required to effectively respond to and manage cyber incidents, which is a critical aspect of cybersecurity.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
Yes. Specifically, I have been a member of both AISA and AWSN since 2022. My experience with these organisations has been amazing. Through attending www.linkedin.com/in/solange-fecci-78a43723a
AISA branch meetings and conferences in Adelaide I have had the opportunity to network and connect with a diverse group of cybersecurity professionals. These events have been great opportunities for me to learn about the latest trends, technologies and best practices in the field, as well as to share my own knowledge and experiences. My experiences with AISA and AWSN have been very positive, and I believe being an active member of the community has greatly contributed to my professional development.
What is your favourite source of general information about cybersecurity?
I have several. One of my go-to sources is Cybercrime Magazine from Cybersecurity Ventures, which provides a wealth of information on the latest trends, threats and best practices in the cybersecurity industry. It also provides various research reports that can be quite informative.
I also follow several prominent cybersecurity experts and thought leaders on social media platforms such as LinkedIn, Twitter and YouTube. They offer valuable insights and perspectives on various cybersecurity topics and keep me informed of the latest developments in the field.
Hyesoo Cho
Hyesoo “Lauren” Cho was born in Seoul, South Korea and completed her primary school education there. She moved to Melbourne with her family but now lives in Hobart where she is in the third year of study for a Bachelor of Information Communication with a major in cybersecurity at the University of Tasmania.
Bachelor of Information Communication Student at University of Tasmania my friends, family and I could also be victims has influenced me the most to choose this path and to be able to protect myself and others.
Suppose you met an old friend from your last year at school who, knowing nothing about cybersecurity or what you do, asks you what you are doing. How do you answer them to ‘sell’ them on the idea of a career in cybersecurity?
Cybersecurity is all about protecting the things that help you exist in the cyber world. In other words, it’s protecting the connection between the ‘real world you’ and the ‘cyber world you’ so it can do things through the network for you.
How does the reality of cybersecurity as you experience it today fit with your understanding when you first thought about studying it?
Before I began my study, I thought cybersecurity was another boring job where you sit at a desk locked in a room full of machines staring at a monitor all day. But it turns out to be a cool job. It’s like fighting on the front line of the battlefield protecting the world where another you, a cyber you, exists.
What cybersecurity role would you most like to be hired into when you graduate, and why?
There are many possibilities and options once I finish my major which I am considering. But I am very eager to spread awareness of how important it is to protect people in the cyber world as much as in the real world.
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
No opposition. We all agreed how cool cybersecurity is.
Who, or what would you say has had the biggest influence on your cybersecurity career journey to date, and why?
The devastating news we hear every day about people being targeted and losing their property because of malicious attackers breaks my heart. Knowing that
We hear all the time that the world of cybersecurity is changing rapidly, particularly with the rate of threat evolution. Do you feel your course is doing a good job of being current?
Yes! For example, in one of the units I took as part of the course we were told to find and share with the class some interesting cybersecurity related news from the past few weeks. I found it a very interesting and clever way to learn how to stay on top of current cybersecurity trends.
What aspect of your studies excites you the most?
It’s always exciting when you do the hands-on exercises such as penetration testing of virtual machines. It is also exciting to accomplish protection against mock attacks.
What aspect do you find least interesting or useful?
I hate to say this, but I still hate writing long reports.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
It’s always very challenging to accept the fact that people are out there always searching for new ways and new targets to attack.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
I am always open to learn new things but I have not thought about undertaking any non-cyber related training yet. But as I study my course I am discovering how important it is to learn and understand the minds of the malicious attackers and how victims fall for their ploys. Perhaps learning about social engineering would be a great help to understand and prevent these attacks. www.linkedin.com/in/hyesoo-cho-8a25a623a
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
It’s always interesting and helpful to stay connected with others and learn about what they do and how they do it. Also, knowing that there are so many women like me in this field helps me stay motivated.
What is your favourite source of general information about cybersecurity?
Reading the cybersecurity related articles on ZDNet is always interesting. It helps me to stay on top of current cybersecurity issues and sometimes it is fun.
I also found it very entertaining when I read the story about how a certain song by Janet Jackson became a threat to some old laptops.
Have you ever felt disadvantaged or discriminated against by being a woman in cyber, if so, please provide details? Not at all. However, I always wish to see more women like me in the field.
What measures do you have in place for your personal cybersecurity?
I like the phrase ‘zero trust security’. It’s my strategy. I believe no one exposes themselves to attacks because they want to. So I always double check on my security and remind myself I can always become one of the victims.
Have you already sought employment in cybersecurity, if so, what has been your experience of applications/interview?
Unfortunately, not yet. I am still too busy learning new things.
SARAH EAST
Sarah Jayne East grew up Newcastle, NSW and now lives in Northern Canberra where she has just completed a Bachelor of Politics and International Relations at the University of Canberra. She specialised in national security with a major in law, policy and culture. She will shortly take up a role with the Australian Signals Directorate as a cybersecurity analyst.
Bachelor of Politics and International Relations Graduate at the University of Canberra
What was the reaction from parents, peers or career advisors to your decision to get into cyber? Did you face any opposition, if so, how did you feel about this?
My family felt disbelief at the prospect of me entering the cyber sphere. Having minimal cyber skills or outward enthusiasm led family members to react with suspicion. I felt hurt that they did not believe I would be capable of this career path. However, this will not impact my performance and they are still supportive, and a little bewildered.
What aspect of your studies excites you the most?
Within my studies, I focused on international relations and national security. The ability to plan for unknown and unlikely scenarios and the capacity, knowhow and resources to both respond and adapt are exciting. The skills these courses taught empowered me to be confident in how I approach time-sensitive situations and my planning.
Studying national security excited me because of its power to protect people. I think this is part of the reason I went into cybersecurity. The digital realm can cause harm. Protecting individuals from threats, identifying these threats and responding correctly can change lives.
Is there any aspect of your studies you find particularly difficult or challenging, if so what, and why?
Within my studies the most difficult course I undertook was economics. However, transitioning to virtual learning created a significant hurdle in my learning trajectory. This challenge was prominent throughout my entire career due to COVID-19.
Learning how to adjust to this challenge engendered great character growth, but also shaped how I approach tertiary education. Whilst economics was my hardest course, the pandemic ensured I had to redefine my entire learning process. It severed most of my connections with the security and defence industries.
I had to learn how to motivate myself and to stop comparing myself to peers whilst managing my time and personal life better. The pandemic was a challenge and a significant hinderance to my studies, but it enabled me to become a stronger person and a better student.
Do you see the need for, or plan to undertake, additional training in non-cyber skills to better equip you for a future role, eg interpersonal communications or management?
I have worked in various roles in my career. These include roles in retail and hospitality and roles at a university, embassy, medical centre and lobbyist firm. Throughout my career, I have used transferrable skills like interpersonal communications and management. I believe my role in cybersecurity is to connect data to users, translating for individuals what is ‘going on’ digitally.
In my view, communication is a fundamental skill in every job because employers are looking for friendly people to work with, not just efficient employees. I am not currently motivated to complete additional non-cyber skills training because I feel qualified by previous experience in these areas. However, the importance of interpersonal relations and connectivity cannot be understated.
Are you involved in the wider cybersecurity community, eg AWSN, if so, how and what has been your experience?
I have had amazing experiences with the wider cybersecurity community. These include Women In ICT, the Australian Women in Security Network and various cyber conferences. These experiences have brought me closer to the industry and to emerging technologies. They have also given me the opportunity to network with amazing leaders and female role models. Women in STEM at the University of Canberra provides a great entry into cybersecurity for students.
Having a supportive community, and especially vocal female support, can be career-changing. It is good knowing other industry individuals have your back, and when you have access to the knowledge, connections and experience of expert leaders, you leave every conversation wiser.
The wider cybersecurity community outside your workplace and immediate circle can offer a safe place to network.
What measures do you have in place for your personal cybersecurity?
Personally, I ensure I have multifactor authentication on everything. I do not autosave passwords. I try to avoid personalised ads, saved preferences and sites that are known for mining data. I frequently check to ensure my passwords and accounts have not been hacked and I block apps from using camera, audio and GPS tracking when not open.
I am constantly attempting to improve my cybersecurity awareness and hygiene. Most individuals will already screen spam mail, block potential fraudulent numbers and try to keep their data safe. Whilst I have not perfected my own cybersecurity protection, I will usually refer to the Australian Cyber Security Centre for advice on ransomware, email security and other issues.
With the benefit of hindsight would you change your career trajectory to date, and if so now?
In hindsight, I would not change much. I would take more interest in coding languages and people with interests in cybersecurity. I would have attended more cybersecurity events and conferences at the beginning of my degree and I would also have looked into cybersecurity-focused companies and clubs. www.linkedin.com/in/sarah-j-east
Having a like-minded support network such as Women in STEM on campus changed my outlook on cybersecurity. I would be more involved in the industry because you never know who you will meet and what great advice they will have to offer you.
Have you already sought employment in cybersecurity, if so, what has been your experience of applications/interviews?
I applied for a cybersecurity position by chance. I felt underqualified and never believed I would get the position. After applying, I attended the interview with the goal of making the most out of the experience. The application itself was not too difficult but required well-written answers. However, in the interview, I was pleasantly surprised by how passionate and welcoming the interview panel was. It was by far one of the best interview experiences I have had, and I got the role.
